An allegory for computer security. You have lived all your life in a quickly growing town, whose growth has been sped up by constructing all the buildings out of wood. Some buildings in town are huge structures that have been repeatedly expanded with new wings and towers; others are simple shacks that are put up … Continue reading The Wooden Firehouse
Tips for course staff
Own the course (all else follows)This is your course and its success or failure reflects on you.Make it the best you can.Be responsibleGet things done on time or ahead of time. Sometimes otherresponsibilities make this tough. Let the instructor andyour colleagues on course staff know if you need help.Be nicer.Try to be at least as … Continue reading Tips for course staff
Headroom for Champions: a Scoring System for Identify the Champion
Andrew Myers Context: Many conferences attempt to follow Oscar Nierstrasz’s insightful and hugely helpful Identify the Champion pattern for scoring paper submissions. In my experience, however, the quality of PC decisions is being harmed by one aspect of this system that has not been working quite as expected: in particular, the A–D scoring system proposed … Continue reading Headroom for Champions: a Scoring System for Identify the Champion
Nondestructive lists in JavaScript: a cheap hack
Let's say you are programming in JavaScript but you are used to linked lists with their nondestructive O(1) operations. You could code up linked lists, but it's a bunch of code and the overhead of abstraction is a bit high, so you might end up being slower anyway. What to do? Here's a simple hack: … Continue reading Nondestructive lists in JavaScript: a cheap hack
The Point of Pranks
We need more pranks. Talking about this is an excuse for me to relate some stories about pranks I was involved with as a software engineer at Silicon Graphics (SGI). Silicon Graphics no longer exists, but it pioneered the design of modern graphics hardware and of multiprocessor OS kernels. Other cool companies that nucleated around … Continue reading The Point of Pranks
The Point of Pranks
We need more pranks. Talking about this is an excuse for me to relate some stories about pranks I was involved with as a software engineer at Silicon Graphics (SGI). Silicon Graphics no longer exists, but it pioneered the design of modern graphics hardware and of multiprocessor OS kernels. Other cool companies that nucleated around … Continue reading The Point of Pranks
Engineering
You will be asked to implement specifications that are unclear or contradictory. You will be evaluated anyway on whether you implemented the right specification. You will be asked the wrong questions. Still, you will have to answer the right question. You will need judgment and creativity to succeed.
Meltdown, Spectre, and why hardware can be correct yet insecure
The recent Meltdown and Spectre attacks have exposed, or at least emphasized, a fundamental problem with the conventional approach to computer security at the hardware level. Both of these attacks rely on side channels in conventional processor designs. By exploiting these side channels, an untrusted program can learn the contents of the operating system kernel's memory or … Continue reading Meltdown, Spectre, and why hardware can be correct yet insecure
A pet peeve about hash tables
The hash table is a wonderful data structure. Unfortunately no one wraps it in the right abstraction. Typically, hash table implementations do some hashing internally, which is insufficient unless you're hashing pointers, and wastes time if you're already providing a good hash function. But how do you know if your hash function is good enough? … Continue reading A pet peeve about hash tables
Deserialization considered harmful: the security case for persistent objects
I've done a fair amount of work on persistent object systems, starting with the Thor distributed storage system and more recently, the Fabric system. I used to think the point of persistent object systems was to make programming easier. Lately I think security might be an even stronger argument. For programmers, the great thing about persistent … Continue reading Deserialization considered harmful: the security case for persistent objects
Java vs. OCaml vs. Scala
I just inadvertently ran a poorly controlled experiment on the relative virtues of these three programming languages, at least for the job of writing compilers. Despite the nonexistent experimental protocol, I thought the results were pretty interesting—even if they may irritate some of my PL colleagues. In my compilers course at Cornell (CS 4120), I let the … Continue reading Java vs. OCaml vs. Scala
Andrew Myers 